They're at it again! Phony emails bearing the BBB name are bombarding in-boxes across the country and right here in the Upstate, SC. The recent attack on consumers and businesses led the FBI to issue an alert this week about the recurrent scam.
Like many financial institutions and government agencies, BBB's visibility and reputation for trust makes us an ideal vehicle for scammers. Consider that bbb.org receives over six million visits every month; this makes us an attractive decoy for fraud and malicious activity.
We recommend that all domain owners set up a sender policy framework (SPF) and set their spam filter to use it. “Using the SPF standard helps fight spam and phishing attacks by allowing your email servers to verify whether an email is legitimate.
Microsoft offers a simple, four-step process for setting up an SPF:www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/.
The authentic BBB email addresses for complaints from the BBB of the Upstate sent out is:
- email@example.com (for complaints)
If you receive an email saying that your business has a complaint filed against it with BBB, there are several things you can do to authenticate it:
- Look for typos, grammatical errors, etc. in the text that could indicate it originated overseas.
- Check to see who it says it is from. Complaints go out from the local BBBs, not from the headquarters office. If you "whitelisted" the two addresses above, this may eliminate your problems.
- Hover your mouse over the link to see if its destination is really a bbb.org address.
- Copy and paste the link into Notepad (not Word). Notepad does not support html, so if the link is a fake bbb.org address, the real link will show up.
Note - an authentic email from BBB will always:
- come from your local BBB - not the Council of Better Business Bureaus or a BBB from another state.
- the email will include a secure HTTPS link to the complaint details.
- complaints are never sent as attachments.
The BBB system is working with federal law enforcement agencies to identify the perpetrator(s) of this fraud and has retained a deactivation company to help with those efforts.
One of the phishing fake emails is like the one below:
Valuedbusiness manager, we have obtained several reports through the Better BusinessBureau online complaint center regarding several suspicious transaction from anumber of private bank accounts to your corporate account. You can access thecomplaints in our online complaint center using the following link:
Your login data:
Complaint ID: #10199
The Better Business Bureau operates as an intermediary between US and Canadianconsumers and business, and assists in resolving consumer-related issues as animpartial third-party service. In certain cases The Better Business Bureaureserves the right to initiate an investigation of a business involved infeedback.
Dispute Resolution Officer. Josiah Kent
Council of Better Business Bureaus
3033 Wilson Blvd, Suite 600
Arlington, VA 22201